This just keeps getting weirder.
Late yesterday afternoon, I did a lengthy "stare-and-compare" between
what SSLInfo returned for the two different Tomcat servers, and I
couldn't find any differences. But then, I got called away from this on
something that kept me in the office until after 7 PM.
Finally getting back to it, I looked at the "connector ciphers" on the
Tomcat 8 manager (there isn't one on the Tomcat 7 manager), and saw that
only 16 of the 36 ciphers that SSLInfo starred as "default" are actually
enabled in Tomcat.
Then, using what Mr. Schultz told me about reading cipher names, I
compared what actually *does* come up in the Tomcat 8 manager with the
DSPSYSVAL on the AS/400. And I found that if
*RSA_AES_256_CBC_SHA
is the same as
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
then maybe we DO have a common cipher, at least in theory (unless
"ECDHE" makes it otherwise).
Unfortunately, I can't run the local box's Tomcat server through
SSLLabs, because it's on a nonstandard port number, and Tomcat 7 doesn't
have a "connector ciphers" button on the manager main page.
The cloud box is a Google Compute Engine instance. Is it possible that
Google is somehow vetoing the handshake?
--
JHHL
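An added example, not part of the original message and not code from Tomcat or IBM i: it splits cipher suite names into key exchange and cipher/MAC parts and intersects two lists, which shows that a suite with an `ECDHE_RSA` key exchange is a different suite from one with plain `RSA`, even when the cipher and MAC match. It assumes an IBM i style name (`*RSA_AES_256_CBC_SHA`) reads as the IANA name without the `TLS_` prefix and `_WITH_`; the sample lists are constructed.

```python
import re

# Bulk-cipher tokens that mark where the key-exchange part ends in names without "_WITH_".
_BULK = r"(?:AES|3DES|DES|RC4|RC2|NULL|CHACHA20)"

def normalise(name):
    """Split a suite name into (key_exchange, cipher_and_mac).

    Accepts IANA/JSSE names (TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) and, as an
    assumption of this example, IBM i style names (*RSA_AES_256_CBC_SHA) read
    as the IANA name without the TLS_ prefix and without _WITH_.
    """
    n = name.strip().lstrip("*").upper()
    n = re.sub(r"^(TLS|SSL)_", "", n)
    if "_WITH_" in n:
        kx, rest = n.split("_WITH_", 1)
        return kx, rest
    m = re.match(r"(.+?)_(" + _BULK + r"_.*)$", n)
    if m:
        return m.group(1), m.group(2)
    return "", n  # TLS 1.3 style: no key exchange in the name

def common_suites(ibmi_names, jsse_names):
    """Return (ibmi_name, jsse_name) pairs that describe the same suite."""
    by_key = {normalise(j): j for j in jsse_names}
    return [(i, by_key[normalise(i)]) for i in ibmi_names if normalise(i) in by_key]

def near_misses(ibmi_names, jsse_names):
    """Pairs with the same cipher and MAC but a different key exchange."""
    out = []
    for i in ibmi_names:
        ikx, irest = normalise(i)
        for j in jsse_names:
            jkx, jrest = normalise(j)
            if irest == jrest and ikx != jkx:
                out.append((i, j))
    return out

# Constructed sample lists, not taken from either server in the thread.
IBMI = ["*RSA_AES_256_CBC_SHA", "*RSA_AES_128_CBC_SHA", "*RSA_3DES_EDE_CBC_SHA"]
TOMCAT = ["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          "TLS_RSA_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    print("common:", common_suites(IBMI, TOMCAT))
    print("same cipher, different key exchange:", near_misses(IBMI, TOMCAT))
```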